nanog mailing list archives
Re: Todd Underwood was a little late
From: Garrett Skjelstad <garrett () skjelstad org>
Date: Wed, 16 Jun 2010 22:07:10 -0700
RFC 2827 anyone?

On Wed, Jun 16, 2010 at 9:38 PM, Roy <r.engehausen () gmail com> wrote:

> On 6/16/2010 7:43 PM, Jon Lewis wrote:
>> On Thu, 17 Jun 2010, Mark Andrews wrote:
>>> Why was this traffic hitting your DNS server in the first place? It should have been rejected by the ingress filters preventing spoofing of the local network.
>>
>> When I ran a smaller simpler network, I did have input filters on our transit providers rejecting packets from our IP space. With a larger network, multiple IP blocks, numerous multihomed customers, some of which use IP's we've assigned them, it gets a little more complicated to do. I could reject at our border, packets sourced from our IP ranges with exceptions for any of the IP blocks we've assigned to multihomed customers. The ACLs wouldn't be that long, or that hard to maintain. Is this common practice?
>
> Sounds like a good use of URPF.
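The border filter described in the quoted message (reject packets arriving from transit that claim a source in your own ranges, except blocks assigned to multihomed customers) can be computed rather than hand-maintained. This is an added example, not code from the thread; the prefixes are documentation ranges chosen as sample data, the function names are hypothetical, and the ACL rendering is an illustrative IOS-style form.

```python
import ipaddress

def subtract(block, exceptions):
    """Return the parts of `block` that no exception prefix covers."""
    remaining = [block]
    for exc in exceptions:
        kept = []
        for net in remaining:
            if net.version != exc.version or not net.overlaps(exc):
                kept.append(net)                      # exception does not touch it
            elif not net.subnet_of(exc):              # exception sits inside net
                kept.extend(net.address_exclude(exc)) # split around the carve-out
        remaining = kept                              # fully covered nets are dropped
    return remaining

def border_deny_list(own_blocks, multihomed_blocks):
    """Source prefixes to reject on transit-facing interfaces."""
    own = [ipaddress.ip_network(p) for p in own_blocks]
    exc = [ipaddress.ip_network(p) for p in multihomed_blocks]
    pieces = [n for block in own for n in subtract(block, exc)]
    deny = []
    for version in (4, 6):                            # collapse per address family
        deny += ipaddress.collapse_addresses(
            [n for n in pieces if n.version == version])
    return deny

def transit_ingress_verdict(src, deny):
    """'drop' if a packet arriving from transit claims a protected source."""
    addr = ipaddress.ip_address(src)
    hit = any(addr.version == n.version and addr in n for n in deny)
    return "drop" if hit else "permit"

def ios_style_acl(deny):
    """Render IPv4 entries as extended-ACL lines (wildcard = host mask)."""
    lines = [f"deny ip {n.network_address} {n.hostmask} any"
             for n in deny if n.version == 4]
    return lines + ["permit ip any any"]

# Constructed sample data (documentation prefixes, not real assignments).
OWN = ["192.0.2.0/24", "198.51.100.0/24"]
MULTIHOMED = ["198.51.100.64/26"]   # assigned to a multihomed customer

if __name__ == "__main__":
    deny = border_deny_list(OWN, MULTIHOMED)
    print("\n".join(ios_style_acl(deny)))
    for src in ("192.0.2.10", "198.51.100.70", "203.0.113.5"):
        print(src, transit_ingress_verdict(src, deny))
```

The multihomed /26 is left out of the deny list because that customer's traffic can legitimately arrive over another provider, which is also why strict-mode uRPF would drop it on the transit interface.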